# Finally, after those tests, we can assume (although if it would be better with
# a syspref) that if we get a REMOTE_USER, that's from basic authentication,
# and we can affect it to $userid.
+=for removed-for-saml
if ( !$shib and defined( $ENV{'REMOTE_USER'} ) and $ENV{'REMOTE_USER'} ne '' and $userid = $ENV{'REMOTE_USER'} ) {
# Using Basic Authentication, no cookies required
);
$loggedin = 1;
}
+=cut
+
+
+use Data::Dump qw(dump);
+warn "YYY ENV = ",dump( \%ENV );
+
+ $userid = $ENV{'HTTP_ATTR_CODE'};
+warn "XXX userid = [$userid] ";
+ $sessionID = $query->cookie("CGISESSID");
+
+ if ( $sessionID && $userid ) {
+ my $s = get_session($sessionID);
+ if ( $s->param('sessiontype') eq 'anon' ) {
+ undef $sessionID; # remove anonymous session if we have SAML user
+ }
+ }
+
+# ($userid,$sessionID) = () if $userid eq '_everyone';
+ return clear_saml($query) if $userid && $userid eq '_everyone';
+
+ if ( ! $sessionID && $userid ) { # anonymous SAML user
+ warn "# userid: $userid";
+
+ # create new user from SAML data
+ if ( my $token = $query->cookie('AuthMemCookie') ) {
+
+
+ use Cache::Memcached;
+ my $memd = new Cache::Memcached { 'servers' => [ '127.0.0.1:11211' ], 'compress_threshold' => 10_000 };
+ if ( my $data = $memd->get($token) ) {
+
+ my $saml;
+ foreach ( split(/[\n\r]+/,$data) ) {
+ my ($n,$v) = split /=/, $_;
+ $saml->{$n} = $v;
+ }
+
+ my $categorycode =
+ $saml->{ATTR_code} =~ m/^\d{10}$/ ? 'S' : # JMBAG
+ $saml->{ATTR_code} =~ m/^\w\w\d+/ ? 'D' :
+ 'O';
+
+ my $cardnumber = $categorycode . $saml->{ATTR_code};
+
+ if ( my $borrowernumber = getborrowernumber($saml->{ATTR_nick}) ) {
+ warn "SAML login OK $borrowernumber using ATTR_nick: ", $saml->{ATTR_nick};
+ } elsif ( $borrowernumber = getborrowernumber( $cardnumber ) ) {
+ warn "SAML login OK $borrowernumber using cardnumber: $cardnumber update userid: $userid";
+ my $sth = $dbh->prepare(qq{ update borrowers set userid = ? where userid = cardnumber and cardnumber = ? });
+ $sth->execute( $userid, $cardnumber );
+ } else {
+ my $borrower = {
+ cardnumber => $cardnumber,
+ categorycode => $categorycode,
+
+ userid => $saml->{ATTR_nick},
+ firstname => $saml->{ATTR_first_name},
+ surname => $saml->{ATTR_last_name},
+ branchcode => 'SRE', # FIXME
+ email => $saml->{ATTR_email},
+ dateexpiry => '2020-12-13',
+ password => $token, # required so AddMember won't erase userid
+ };
+
+ require C4::Members;
+ C4::Members::AddMember( %$borrower );
+
+ warn "ADDED $data";
+
+ }
+
+ # Create session for SAML user
+
+ my $sql = qq{
+ SELECT
+ borrowernumber as number,
+ userid as id,
+ cardnumber,
+ firstname,
+ surname,
+ borrowers.branchcode as branch,
+ branches.branchname as branchname,
+ flags,
+ email as emailaddress
+ FROM borrowers
+ LEFT JOIN branches on borrowers.branchcode=branches.branchcode
+ where userid=?
+ };
+ my $sth = $dbh->prepare($sql);
+ $sth->execute( $userid );
+ die "can't find $userid" unless $sth->rows;
+
+ my $session = get_session('') or die "can't create session";
+ my $sessionID = $session->id;
+ C4::Context->_new_userenv($sessionID);
+ $cookie = $query->cookie(CGISESSID => $sessionID);
+
+ my $row = $sth->fetchrow_hashref;
+
+ $session->param( $_ => $row->{$_} ) foreach keys %$row;
+
+ $session->param('ip', $ENV{'REMOTE_ADDR'});
+ $session->param('lasttime',time());
+
+ $session->param('AuthMemCookie', $token);
+
+ C4::Context::set_userenv(
+ $session->param('number'), $session->param('id'),
+ $session->param('cardnumber'), $session->param('firstname'),
+ $session->param('surname'), $session->param('branch'),
+ $session->param('branchname'), $session->param('flags'),
+ $session->param('emailaddress'), $session->param('branchprinter')
+ );
+
+=for removed
+ my $row_count = 10; # FIXME:This probably should be a syspref
+ my ($total, $totshelves, $barshelves, $pubshelves);
+ ($barshelves, $totshelves) = C4::VirtualShelves::GetRecentShelves(1, $row_count, $session->param('number'));
+ $total->{'bartotal'} = $totshelves;
+ ($pubshelves, $totshelves) = C4::VirtualShelves::GetRecentShelves(2, $row_count, undef);
+ $total->{'pubtotal'} = $totshelves;
+ $session->param('barshelves', $barshelves);
+ $session->param('pubshelves', $pubshelves);
+ $session->param('totshelves', $total);
+
+ C4::Context::set_shelves_userenv('bar',$barshelves);
+ C4::Context::set_shelves_userenv('pub',$pubshelves);
+ C4::Context::set_shelves_userenv('tot',$total);
+=cut
+
+ $loggedin = 1;
+
+ if ( $type eq 'opac' ) {
+ my $to = 'https://' . $query->virtual_host . '/' . $query->path_info;
+ warn "XXX redirect $userid to $to";
+ ## FIXME 2011-12-20 dpavlin -- redirect logged in users to http
+ print $query->redirect( -uri => $to, -status => 302, -cookie => $cookie );
+# exit;
+ }
+
+ } else {
+ die "Can't find SAML token $token for user $userid\n";
+ }
+ } else {
+ die "Can't find SAML token for user $userid\n";
+ }
+
+ } # XXX SAML anon user
+
+
elsif ( $emailaddress) {
# the Google OpenID Connect passes an email address
}
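Review bot: The SAML branch takes the login identity from `$ENV{'HTTP_ATTR_CODE'}`, and under CGI the `HTTP_*` variables are filled from request headers, so unless the SAML front end always overwrites that header the value is client-supplied; the session is then built from `where userid=?` on that value, while the memcached record behind `AuthMemCookie` is only checked for existence. Bind the two before `get_session('')`, for example `die "SAML attribute mismatch\n" unless defined $saml->{ATTR_code} && $saml->{ATTR_code} eq $userid;` (assuming ATTR_code is the attribute the header carries; confirm), or take the identity from `$saml` alone. Separately, `warn "YYY ENV = ",dump( \%ENV )` and `warn "ADDED $data"` write `HTTP_COOKIE` (CGISESSID, AuthMemCookie) and the full attribute set to the error log, and `password => $token` hands the live SAML session token to AddMember as the borrower's password; drop the debug output and pass a random throwaway value instead. `split /=/, $_` should be `split /=/, $_, 2` so attribute values containing `=` are not truncated. The enclosing sub begins and ends outside this hunk.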